From e0b675d7b32081a9d92cfb641e94d9718b036959 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Apr 08 2014 11:56:03 +0000
Subject: Add labeling for puppet helper scripts
---
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index b511649..aab44a5 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -23695,10 +23695,10 @@ index 0000000..1048292
 +')
 diff --git a/docker.te b/docker.te
 new file mode 100644
-index 0000000..d30d730
+index 0000000..d5a606c
 --- /dev/null
 +++ b/docker.te
-@@ -0,0 +1,263 @@
+@@ -0,0 +1,266 @@
 +policy_module(docker, 1.0.0)
 +
 +########################################
@@ -23843,6 +23843,7 @@ index 0000000..d30d730
 +auth_use_nsswitch(docker_t)
 +
 +init_read_state(docker_t)
++init_status(docker_t)
 +
 +logging_send_audit_msgs(docker_t)
 +logging_send_syslog_msg(docker_t)
@@ -23923,6 +23924,8 @@ index 0000000..d30d730
 +
 +modutils_domtrans_insmod(docker_t)
 +
++systemd_status_all_unit_files(docker_t)
++
 +userdom_stream_connect(docker_t)
 +userdom_search_user_home_content(docker_t)
 +
@@ -27832,10 +27835,10 @@ index 0000000..04e159f
 +')
 diff --git a/gear.te b/gear.te
 new file mode 100644
-index 0000000..6c32f79
+index 0000000..e6a1c7c
 --- /dev/null
 +++ b/gear.te
-@@ -0,0 +1,94 @@
+@@ -0,0 +1,101 @@
 +policy_module(gear, 1.0.0)
 +
 +########################################
@@ -27863,6 +27866,8 @@ index 0000000..6c32f79
 +#
 +# gear local policy
 +#
++allow gear_t self:capability chown;
++allow gear_t self:capability2 block_suspend;
 +allow gear_t self:process { getattr signal_perms };
 +allow gear_t self:fifo_file rw_fifo_file_perms;
 +allow gear_t self:unix_stream_socket create_stream_socket_perms;
@@ -27894,6 +27899,7 @@ index 0000000..6c32f79
 +kernel_rw_net_sysctls(gear_t)
 +
 +domain_use_interactive_fds(gear_t)
++domain_read_all_domains_state(gear_t)
 +
 +corecmd_exec_bin(gear_t)
 +corecmd_exec_shell(gear_t)
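Review bot: The docker.te hunks at @@ -23843 and @@ -23923 add `init_status(docker_t)` and `systemd_status_all_unit_files(docker_t)` with no comment saying which docker operation needed them, and the commit subject ("Add labeling for puppet helper scripts") does not mention docker.te or gear.te at all. Both interfaces look like status/query-only grants, so the added exposure appears small, but a reader of the inner patch cannot tell which unit files docker has to inspect or whether a narrower interface would serve. Suggest a one-line comment above the block, e.g. `# docker queries the status of the units it manages (AVC: <denial reference>)`, and listing the docker/gear policy changes in the commit description.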
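Review bot: The gear.te hunk at @@ -27863 adds `allow gear_t self:capability chown;` and `allow gear_t self:capability2 block_suspend;`, and the hunks at @@ -27894, @@ -27914 and @@ -27925 add `domain_read_all_domains_state(gear_t)`, `iptables_domtrans(gear_t)` and `sysnet_domtrans_ifconfig(gear_t)`; none carries a comment recording the denial or feature that required it. Taken together these let gear_t read the /proc state of every domain and run iptables and ifconfig in their own domains, which is a meaningful widening of what the gear domain can reach, so the justification belongs next to the rules where the next policy reviewer will look. Suggest a short comment above each addition such as `# <feature that needs it>; AVC: <denial reference>`, and, if only a few domains' state is actually read, a narrower read interface in place of domain_read_all_domains_state. gear.te's body continues past these hunks.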
@@ -27914,6 +27920,8 @@ index 0000000..6c32f79
 +init_read_state(gear_t)
 +init_dbus_chat(gear_t)
 +
++iptables_domtrans(gear_t)
++
 +logging_send_audit_msgs(gear_t)
 +logging_send_syslog_msg(gear_t)
 +
@@ -27925,6 +27933,8 @@ index 0000000..6c32f79
 +
 +sysnet_dns_name_resolve(gear_t)
 +
++sysnet_domtrans_ifconfig(gear_t)
++
 +systemd_manage_all_unit_files(gear_t)
 +
 +optional_policy(`
@@ -69391,7 +69401,7 @@ index 6643b49..1d2470f 100644
  optional_policy(`
 diff --git a/puppet.fc b/puppet.fc
-index d68e26d..f734388 100644
+index d68e26d..cad91e2 100644
 --- a/puppet.fc
 +++ b/puppet.fc
 @@ -1,18 +1,20 @@
@@ -69407,8 +69417,8 @@ index d68e26d..f734388 100644
 -/usr/bin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0)
 -/usr/bin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
 +#helper scripts
-+/usr/bin/puppet-agent -- gen_context(system_u:object_r:puppetagent_exec_t,s0)
-+/usr/bin/puppet-master -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
++/usr/bin/start-puppet-agent -- gen_context(system_u:object_r:puppetagent_exec_t,s0)
++/usr/bin/start-puppet-master -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
 -/usr/sbin/puppetca -- gen_context(system_u:object_r:puppetca_exec_t,s0)
 -/usr/sbin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0)